From 9a896c7e639ba088cd77710952d520db3b70521e Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Tue, 15 Sep 2020 16:07:18 +0000 Subject: Split the tls12_record_layer_write_mac() function. Split the existing tls12_record_layer_write_mac() function so that we can soon reuse part of it for the read side. No functional change. ok tb@ --- lib/libssl/tls12_record_layer.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/lib/libssl/tls12_record_layer.c b/lib/libssl/tls12_record_layer.c index d1686cb5bde..1984e177bdc 100644 --- a/lib/libssl/tls12_record_layer.c +++ b/lib/libssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.2 2020/09/15 15:11:58 jsing Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.3 2020/09/15 16:07:17 jsing Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -227,9 +227,10 @@ tls12_record_layer_pseudo_header(struct tls12_record_layer *rl, } static int -tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, - uint8_t content_type, const uint8_t *content, size_t content_len, - size_t *out_len) +tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb, + EVP_MD_CTX *hash_ctx, int stream_mac, uint16_t epoch, uint8_t *seq_num, + size_t seq_num_len, uint8_t content_type, const uint8_t *content, + size_t content_len, size_t *out_len) { EVP_MD_CTX *mac_ctx = NULL; uint8_t *header = NULL; @@ -240,12 +241,11 @@ tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, if ((mac_ctx = EVP_MD_CTX_new()) == NULL) goto err; - if (!EVP_MD_CTX_copy(mac_ctx, rl->write_hash_ctx)) + if (!EVP_MD_CTX_copy(mac_ctx, hash_ctx)) goto err; if (!tls12_record_layer_pseudo_header(rl, content_type, content_len, - rl->write_epoch, rl->write_seq_num, SSL3_SEQUENCE_SIZE, - &header, &header_len)) + epoch, seq_num, seq_num_len, &header, &header_len)) goto err; if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0) 
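Review bot: The new `tls12_record_layer_mac()` signature in the `@@ -227,9 +227,10 @@` hunk has no comment saying that `hash_ctx` is an in/out parameter. Later in the function it is overwritten with the advanced MAC state whenever `stream_mac` is non-zero. With read-side reuse announced in the commit message, I would add a comment above the definition, for example `/* hash_ctx is in/out: when stream_mac is set it is replaced with the post-record MAC state. */`. `seq_num` is only forwarded to `tls12_record_layer_pseudo_header()` in the visible code, so it could probably be `const uint8_t *` if that helper's prototype (not shown) allows it. The function body continues outside this hunk.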
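Review bot: `hash_ctx`, `seq_num` and `seq_num_len` reach `EVP_MD_CTX_copy()` and `tls12_record_layer_pseudo_header()` in the `@@ -240,12 +241,11 @@` hunk without any check, where the old code took them from `rl` and the constant `SSL3_SEQUENCE_SIZE`. The only caller in this diff still passes those same values, so nothing changes today, but the planned read-side caller is not visible here. A guard ahead of the copy such as `if (hash_ctx == NULL || seq_num_len != SSL3_SEQUENCE_SIZE) goto err;` would keep the MAC pseudo-header at its fixed size and make a missing context an explicit failure. Drop the length test if other lengths are intended. Whether the pseudo-header helper validates the length itself cannot be seen from this hunk.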
@@ -259,13 +259,12 @@ tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, if (EVP_DigestSignFinal(mac_ctx, mac, &mac_len) <= 0) goto err; - if (rl->write_stream_mac) { - if (!EVP_MD_CTX_copy(rl->write_hash_ctx, mac_ctx)) + if (stream_mac) { + if (!EVP_MD_CTX_copy(hash_ctx, mac_ctx)) goto err; } *out_len = mac_len; - ret = 1; err: @@ -275,6 +274,16 @@ tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, return ret; } +static int +tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb, + uint8_t content_type, const uint8_t *content, size_t content_len, + size_t *out_len) +{ + return tls12_record_layer_mac(rl, cbb, rl->write_hash_ctx, + rl->write_stream_mac, rl->write_epoch, rl->write_seq_num, + SSL3_SEQUENCE_SIZE, content_type, content, content_len, out_len); +} + static int tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl, uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out) -- cgit v1.2.3
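Review bot: The copy-back `EVP_MD_CTX_copy(hash_ctx, mac_ctx)` in the `@@ -259,13 +259,12 @@` hunk writes into a context that is already live, and `EVP_MD_CTX_copy()` is the variant documented for a destination that need not be initialised. It is worth confirming that the previous state of `hash_ctx` is released rather than overwritten; if not, `if (!EVP_MD_CTX_copy_ex(hash_ctx, mac_ctx))` is the call meant for an initialised destination. The pattern predates this commit, but the helper now performs it on whatever context a caller passes in. Separately, the update happens before any caller can compare the MAC, so a read-side user with `stream_mac` set would advance its context even for a record it then rejects. A comment at this branch saying so would help.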